version 1.1.1.1, 2012/02/17 15:09:30
|
version 1.1.1.2, 2013/10/14 07:51:14
|
Line 1
|
Line 1
|
mailto(rsync-bugs@samba.org) |
mailto(rsync-bugs@samba.org) |
manpage(rsyncd.conf)(5)(23 Sep 2011)()() | manpage(rsyncd.conf)(5)(28 Sep 2013)()() |
manpagename(rsyncd.conf)(configuration file for rsync in daemon mode) |
manpagename(rsyncd.conf)(configuration file for rsync in daemon mode) |
manpagesynopsis() |
manpagesynopsis() |
|
|
Line 28 whitespace in module and parameter names is irrelevant
|
Line 28 whitespace in module and parameter names is irrelevant
|
trailing whitespace in a parameter value is discarded. Internal whitespace |
trailing whitespace in a parameter value is discarded. Internal whitespace |
within a parameter value is retained verbatim. |
within a parameter value is retained verbatim. |
|
|
Any line beginning with a hash (#) is ignored, as are lines containing | Any line bf(beginning) with a hash (#) is ignored, as are lines containing |
only whitespace. | only whitespace. (If a hash occurs after anything other than leading |
| whitespace, it is considered a part of the line's content.) |
|
|
Any line ending in a \ is "continued" on the next line in the |
Any line ending in a \ is "continued" on the next line in the |
customary UNIX fashion. |
customary UNIX fashion. |
Line 78 You may also include any module parameters in the glob
|
Line 79 You may also include any module parameters in the glob
|
config file in which case the supplied value will override the |
config file in which case the supplied value will override the |
default for that parameter. |
default for that parameter. |
|
|
|
You may use references to environment variables in the values of parameters. |
|
String parameters will have %VAR% references expanded as late as possible (when |
|
the string is used in the program), allowing for the use of variables that |
|
rsync sets at connection time, such as RSYNC_USER_NAME. Non-string parameters |
|
(such as true/false settings) are expanded when read from the config file. If |
|
a variable does not exist in the environment, or if a sequence of characters is |
|
not a valid reference (such as an un-paired percent sign), the raw characters |
|
are passed through unchanged. This helps with backward compatibility and |
|
safety (e.g. expanding a non-existent %VAR% to an empty string in a path could |
|
result in a very unsafe path). The safest way to insert a literal % into a |
|
value is to use %%. |
|
|
startdit() |
startdit() |
dit(bf(motd file)) This parameter allows you to specify a |
dit(bf(motd file)) This parameter allows you to specify a |
"message of the day" to display to clients on each connect. This |
"message of the day" to display to clients on each connect. This |
usually contains site information and any legal notices. The default |
usually contains site information and any legal notices. The default |
is no motd file. |
is no motd file. |
|
This can be overridden by the bf(--dparam=motdfile=FILE) |
|
command-line option when starting the daemon. |
|
|
dit(bf(pid file)) This parameter tells the rsync daemon to write |
dit(bf(pid file)) This parameter tells the rsync daemon to write |
its process ID to that file. If the file already exists, the rsync |
its process ID to that file. If the file already exists, the rsync |
daemon will abort rather than overwrite the file. |
daemon will abort rather than overwrite the file. |
|
This can be overridden by the bf(--dparam=pidfile=FILE) |
|
command-line option when starting the daemon. |
|
|
dit(bf(port)) You can override the default port the daemon will listen on |
dit(bf(port)) You can override the default port the daemon will listen on |
by specifying this value (defaults to 873). This is ignored if the daemon |
by specifying this value (defaults to 873). This is ignored if the daemon |
Line 104 details on some of the options you may be able to set.
|
Line 121 details on some of the options you may be able to set.
|
special socket options are set. These settings can also be specified |
special socket options are set. These settings can also be specified |
via the bf(--sockopts) command-line option. |
via the bf(--sockopts) command-line option. |
|
|
|
dit(bf(listen backlog)) You can override the default backlog value when the |
|
daemon listens for connections. It defaults to 5. |
|
|
enddit() |
enddit() |
|
|
manpagesection(MODULE PARAMETERS) |
manpagesection(MODULE PARAMETERS) |
Line 117 name contains whitespace, each internal sequence of wh
|
Line 137 name contains whitespace, each internal sequence of wh
|
changed into a single space, while leading or trailing whitespace will be |
changed into a single space, while leading or trailing whitespace will be |
discarded. |
discarded. |
|
|
|
As with GLOBAL PARAMETERS, you may use references to environment variables in |
|
the values of parameters. See the GLOBAL PARAMETERS section for more details. |
|
|
startdit() |
startdit() |
|
|
dit(bf(comment)) This parameter specifies a description string |
dit(bf(comment)) This parameter specifies a description string |
Line 127 dit(bf(path)) This parameter specifies the directory i
|
Line 150 dit(bf(path)) This parameter specifies the directory i
|
filesystem to make available in this module. You must specify this parameter |
filesystem to make available in this module. You must specify this parameter |
for each module in tt(rsyncd.conf). |
for each module in tt(rsyncd.conf). |
|
|
|
You may base the path's value off of an environment variable by surrounding |
|
the variable name with percent signs. You can even reference a variable |
|
that is set by rsync when the user connects. |
|
For example, this would use the authorizing user's name in the path: |
|
|
|
verb( path = /home/%RSYNC_USER_NAME% ) |
|
|
It is fine if the path includes internal spaces -- they will be retained |
It is fine if the path includes internal spaces -- they will be retained |
verbatim (which means that you shouldn't try to escape them). If your final |
verbatim (which means that you shouldn't try to escape them). If your final |
directory has a trailing space (and this is somehow not something you wish to |
directory has a trailing space (and this is somehow not something you wish to |
Line 197 to translate names, and that it is not possible for a
|
Line 227 to translate names, and that it is not possible for a
|
resources. |
resources. |
|
|
dit(bf(munge symlinks)) This parameter tells rsync to modify |
dit(bf(munge symlinks)) This parameter tells rsync to modify |
all incoming symlinks in a way that makes them unusable but recoverable | all symlinks in the same way as the (non-daemon-affecting) |
(see below). This should help protect your files from user trickery when | bf(--munge-links) command-line option (using a method described below). |
| This should help protect your files from user trickery when |
your daemon module is writable. The default is disabled when "use chroot" |
your daemon module is writable. The default is disabled when "use chroot" |
is on and the inside-chroot path is "/", otherwise it is enabled. |
is on and the inside-chroot path is "/", otherwise it is enabled. |
|
|
Line 266 If the daemon fails to open the specified file, it wil
|
Line 297 If the daemon fails to open the specified file, it wil
|
using syslog and output an error about the failure. (Note that the |
using syslog and output an error about the failure. (Note that the |
failure to open the specified log file used to be a fatal error.) |
failure to open the specified log file used to be a fatal error.) |
|
|
|
This setting can be overridden by using the bf(--log-file=FILE) or |
|
bf(--dparam=logfile=FILE) command-line options. The former overrides |
|
all the log-file parameters of the daemon and all module settings. |
|
The latter sets the daemon's log file and the default for all the |
|
modules, which still allows modules to override the default setting. |
|
|
dit(bf(syslog facility)) This parameter allows you to |
dit(bf(syslog facility)) This parameter allows you to |
specify the syslog facility name to use when logging messages from the |
specify the syslog facility name to use when logging messages from the |
rsync daemon. You may use any standard syslog facility name which is |
rsync daemon. You may use any standard syslog facility name which is |
Line 293 attempted uploads will fail. If "read only" is false t
|
Line 330 attempted uploads will fail. If "read only" is false t
|
be possible if file permissions on the daemon side allow them. The default |
be possible if file permissions on the daemon side allow them. The default |
is for all modules to be read only. |
is for all modules to be read only. |
|
|
|
Note that "auth users" can override this setting on a per-user basis. |
|
|
dit(bf(write only)) This parameter determines whether clients |
dit(bf(write only)) This parameter determines whether clients |
will be able to download files or not. If "write only" is true then any |
will be able to download files or not. If "write only" is true then any |
attempted downloads will fail. If "write only" is false then downloads |
attempted downloads will fail. If "write only" is false then downloads |
will be possible if file permissions on the daemon side allow them. The |
will be possible if file permissions on the daemon side allow them. The |
default is for this parameter to be disabled. |
default is for this parameter to be disabled. |
|
|
dit(bf(list)) This parameter determines if this module should be | dit(bf(list)) This parameter determines whether this module is |
listed when the client asks for a listing of available modules. By | listed when the client asks for a listing of available modules. In addition, |
setting this to false you can create hidden modules. The default is | if this is false, the daemon will pretend the module does not exist |
for modules to be listable. | when a client denied by "hosts allow" or "hosts deny" attempts to access it. |
| Realize that if "reverse lookup" is disabled globally but enabled for the |
| module, the resulting reverse lookup to a potentially client-controlled DNS |
| server may still reveal to the client that it hit an existing module. |
| The default is for modules to be listable. |
|
|
dit(bf(uid)) This parameter specifies the user name or user ID that |
dit(bf(uid)) This parameter specifies the user name or user ID that |
file transfers to and from that module should take place as when the daemon |
file transfers to and from that module should take place as when the daemon |
was run as root. In combination with the "gid" parameter this determines what |
was run as root. In combination with the "gid" parameter this determines what |
file permissions are available. The default is uid -2, which is normally | file permissions are available. The default when run by a super-user is to |
the user "nobody". | switch to the system's "nobody" user. The default for a non-super-user is to |
| not try to change the user. See also the "gid" parameter. |
|
|
dit(bf(gid)) This parameter specifies the group name or group ID that | The RSYNC_USER_NAME environment variable may be used to request that rsync run |
file transfers to and from that module should take place as when the daemon | as the authorizing user. For example, if you want a rsync to run as the same |
was run as root. This complements the "uid" parameter. The default is gid -2, | user that was received for the rsync authentication, this setup is useful: |
which is normally the group "nobody". | |
|
|
|
verb( uid = %RSYNC_USER_NAME% |
|
gid = * ) |
|
|
|
dit(bf(gid)) This parameter specifies one or more group names/IDs that will be |
|
used when accessing the module. The first one will be the default group, and |
|
any extra ones be set as supplemental groups. You may also specify a "*" as |
|
the first gid in the list, which will be replaced by all the normal groups for |
|
the transfer's user (see "uid"). The default when run by a super-user is to |
|
switch to your OS's "nobody" (or perhaps "nogroup") group with no other |
|
supplementary groups. The default for a non-super-user is to not change any |
|
group attributes (and indeed, your OS may not allow a non-super-user to try to |
|
change their group settings). |
|
|
dit(bf(fake super)) Setting "fake super = yes" for a module causes the |
dit(bf(fake super)) Setting "fake super = yes" for a module causes the |
daemon side to behave as if the bf(--fake-super) command-line option had |
daemon side to behave as if the bf(--fake-super) command-line option had |
been specified. This allows the full attributes of a file to be stored |
been specified. This allows the full attributes of a file to be stored |
Line 388 be on to the clients.
|
Line 444 be on to the clients.
|
See the description of the bf(--chmod) rsync option and the bf(chmod)(1) |
See the description of the bf(--chmod) rsync option and the bf(chmod)(1) |
manpage for information on the format of this string. |
manpage for information on the format of this string. |
|
|
dit(bf(auth users)) This parameter specifies a comma and | dit(bf(auth users)) This parameter specifies a comma and/or space-separated |
space-separated list of usernames that will be allowed to connect to | list of authorization rules. In its simplest form, you list the usernames |
| that will be allowed to connect to |
this module. The usernames do not need to exist on the local |
this module. The usernames do not need to exist on the local |
system. The usernames may also contain shell wildcard characters. If | system. The rules may contain shell wildcard characters that will be matched |
| against the username provided by the client for authentication. If |
"auth users" is set then the client will be challenged to supply a |
"auth users" is set then the client will be challenged to supply a |
username and password to connect to the module. A challenge response |
username and password to connect to the module. A challenge response |
authentication protocol is used for this exchange. The plain text |
authentication protocol is used for this exchange. The plain text |
Line 399 usernames and passwords are stored in the file specifi
|
Line 457 usernames and passwords are stored in the file specifi
|
"secrets file" parameter. The default is for all users to be able to |
"secrets file" parameter. The default is for all users to be able to |
connect without a password (this is called "anonymous rsync"). |
connect without a password (this is called "anonymous rsync"). |
|
|
|
In addition to username matching, you can specify groupname matching via a '@' |
|
prefix. When using groupname matching, the authenticating username must be a |
|
real user on the system, or it will be assumed to be a member of no groups. |
|
For example, specifying "@rsync" will match the authenticating user if the |
|
named user is a member of the rsync group. |
|
|
|
Finally, options may be specified after a colon (:). The options allow you to |
|
"deny" a user or a group, set the access to "ro" (read-only), or set the access |
|
to "rw" (read/write). Setting an auth-rule-specific ro/rw setting overrides |
|
the module's "read only" setting. |
|
|
|
Be sure to put the rules in the order you want them to be matched, because the |
|
checking stops at the first matching user or group, and that is the only auth |
|
that is checked. For example: |
|
|
|
verb( auth users = joe:deny @guest:deny admin:rw @rsync:ro susan joe sam ) |
|
|
|
In the above rule, user joe will be denied access no matter what. Any user |
|
that is in the group "guest" is also denied access. The user "admin" gets |
|
access in read/write mode, but only if the admin user is not in group "guest" |
|
(because the admin user-matching rule would never be reached if the user is in |
|
group "guest"). Any other user who is in group "rsync" will get read-only |
|
access. Finally, users susan, joe, and sam get the ro/rw setting of the |
|
module, but only if the user didn't match an earlier group-matching rule. |
|
|
|
See the description of the secrets file for how you can have per-user passwords |
|
as well as per-group passwords. It also explains how a user can authenticate |
|
using their user password or (when applicable) a group password, depending on |
|
what rule is being authenticated. |
|
|
See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A REMOTE |
See also the section entitled "USING RSYNC-DAEMON FEATURES VIA A REMOTE |
SHELL CONNECTION" in bf(rsync)(1) for information on how handle an |
SHELL CONNECTION" in bf(rsync)(1) for information on how handle an |
rsyncd.conf-level username that differs from the remote-shell-level |
rsyncd.conf-level username that differs from the remote-shell-level |
username when using a remote shell to connect to an rsync daemon. |
username when using a remote shell to connect to an rsync daemon. |
|
|
dit(bf(secrets file)) This parameter specifies the name of | dit(bf(secrets file)) This parameter specifies the name of a file that contains |
a file that contains the username:password pairs used for | the username:password and/or @groupname:password pairs used for authenticating |
authenticating this module. This file is only consulted if the "auth | this module. This file is only consulted if the "auth users" parameter is |
users" parameter is specified. The file is line based and contains | specified. The file is line-based and contains one name:password pair per |
username:password pairs separated by a single colon. Any line starting | line. Any line has a hash (#) as the very first character on the line is |
with a hash (#) is considered a comment and is skipped. The passwords | considered a comment and is skipped. The passwords can contain any characters |
can contain any characters but be warned that many operating systems | but be warned that many operating systems limit the length of passwords that |
limit the length of passwords that can be typed at the client end, so | can be typed at the client end, so you may find that passwords longer than 8 |
you may find that passwords longer than 8 characters don't work. | characters don't work. |
|
|
|
The use of group-specific lines are only relevant when the module is being |
|
authorized using a matching "@groupname" rule. When that happens, the user |
|
can be authorized via either their "username:password" line or the |
|
"@groupname:password" line for the group that triggered the authentication. |
|
|
|
It is up to you what kind of password entries you want to include, either |
|
users, groups, or both. The use of group rules in "auth users" does not |
|
require that you specify a group password if you do not want to use shared |
|
passwords. |
|
|
There is no default for the "secrets file" parameter, you must choose a name |
There is no default for the "secrets file" parameter, you must choose a name |
(such as tt(/etc/rsyncd.secrets)). The file must normally not be readable |
(such as tt(/etc/rsyncd.secrets)). The file must normally not be readable |
by "other"; see "strict modes". | by "other"; see "strict modes". If the file is not found or is rejected, no |
| logins for a "user auth" module will be possible. |
|
|
dit(bf(strict modes)) This parameter determines whether or not |
dit(bf(strict modes)) This parameter determines whether or not |
the permissions on the secrets file will be checked. If "strict modes" is |
the permissions on the secrets file will be checked. If "strict modes" is |
Line 443 quote(itemization(
|
Line 542 quote(itemization(
|
IP address and maskaddr is the netmask in dotted decimal notation for IPv4, |
IP address and maskaddr is the netmask in dotted decimal notation for IPv4, |
or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP |
or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP |
addresses which match the masked IP address will be allowed in. |
addresses which match the masked IP address will be allowed in. |
it() a hostname. The hostname as determined by a reverse lookup will | it() a hostname pattern using wildcards. If the hostname of the connecting IP |
be matched (case insensitive) against the pattern. Only an exact | (as determined by a reverse lookup) matches the wildcarded name (using the |
match is allowed in. | same rules as normal unix filename matching), the client is allowed in. This |
it() a hostname pattern using wildcards. These are matched using the | only works if "reverse lookup" is enabled (the default). |
same rules as normal unix filename matching. If the pattern matches | it() a hostname. A plain hostname is matched against the reverse DNS of the |
then the client is allowed in. | connecting IP (if "reverse lookup" is enabled), and/or the IP of the given |
| hostname is matched against the connecting IP (if "forward lookup" is |
| enabled, as it is by default). Any match will be allowed in. |
)) |
)) |
|
|
Note IPv6 link-local addresses can have a scope in the address specification: |
Note IPv6 link-local addresses can have a scope in the address specification: |
Line 476 rejected. See the "hosts allow" parameter for more inf
|
Line 577 rejected. See the "hosts allow" parameter for more inf
|
|
|
The default is no "hosts deny" parameter, which means all hosts can connect. |
The default is no "hosts deny" parameter, which means all hosts can connect. |
|
|
|
dit(bf(reverse lookup)) Controls whether the daemon performs a reverse lookup |
|
on the client's IP address to determine its hostname, which is used for |
|
"hosts allow"/"hosts deny" checks and the "%h" log escape. This is enabled by |
|
default, but you may wish to disable it to save time if you know the lookup will |
|
not return a useful result, in which case the daemon will use the name |
|
"UNDETERMINED" instead. |
|
|
|
If this parameter is enabled globally (even by default), rsync performs the |
|
lookup as soon as a client connects, so disabling it for a module will not |
|
avoid the lookup. Thus, you probably want to disable it globally and then |
|
enable it for modules that need the information. |
|
|
|
dit(bf(forward lookup)) Controls whether the daemon performs a forward lookup |
|
on any hostname specified in an hosts allow/deny setting. By default this is |
|
enabled, allowing the use of an explicit hostname that would not be returned |
|
by reverse DNS of the connecting IP. |
|
|
dit(bf(ignore errors)) This parameter tells rsyncd to |
dit(bf(ignore errors)) This parameter tells rsyncd to |
ignore I/O errors on the daemon when deciding whether to run the delete |
ignore I/O errors on the daemon when deciding whether to run the delete |
phase of the transfer. Normally rsync skips the bf(--delete) step if any |
phase of the transfer. Normally rsync skips the bf(--delete) step if any |
Line 502 The format is a text string containing embedded single
|
Line 620 The format is a text string containing embedded single
|
sequences prefixed with a percent (%) character. An optional numeric |
sequences prefixed with a percent (%) character. An optional numeric |
field width may also be specified between the percent and the escape |
field width may also be specified between the percent and the escape |
letter (e.g. "bf(%-50n %8l %07p)"). |
letter (e.g. "bf(%-50n %8l %07p)"). |
|
In addition, one or more apostrophes may be specified prior to a numerical |
|
escape to indicate that the numerical value should be made more human-readable. |
|
The 3 supported levels are the same as for the bf(--human-readable) |
|
command-line option, though the default is for human-readability to be off. |
|
Each added apostrophe increases the level (e.g. "bf(%''l %'b %f)"). |
|
|
The default log format is "%o %h [%a] %m (%u) %f %l", and a "%t [%p] " |
The default log format is "%o %h [%a] %m (%u) %f %l", and a "%t [%p] " |
is always prefixed when using the "log file" parameter. |
is always prefixed when using the "log file" parameter. |
Line 512 rsyncstats.)
|
Line 635 rsyncstats.)
|
The single-character escapes that are understood are as follows: |
The single-character escapes that are understood are as follows: |
|
|
quote(itemization( |
quote(itemization( |
it() %a the remote IP address | it() %a the remote IP address (only available for a daemon) |
it() %b the number of bytes actually transferred |
it() %b the number of bytes actually transferred |
it() %B the permission bits of the file (e.g. rwxrwxrwt) |
it() %B the permission bits of the file (e.g. rwxrwxrwt) |
it() %c the total size of the block checksums received for the basis file (only when sending) |
it() %c the total size of the block checksums received for the basis file (only when sending) |
|
it() %C the full-file MD5 checksum if bf(--checksum) is enabled or a file was transferred (only for protocol 30 or above). |
it() %f the filename (long form on sender; no trailing "/") |
it() %f the filename (long form on sender; no trailing "/") |
it() %G the gid of the file (decimal) or "DEFAULT" |
it() %G the gid of the file (decimal) or "DEFAULT" |
it() %h the remote host name | it() %h the remote host name (only available for a daemon) |
it() %i an itemized list of what is being updated |
it() %i an itemized list of what is being updated |
it() %l the length of the file in bytes |
it() %l the length of the file in bytes |
it() %L the string " -> SYMLINK", " => HARDLINK", or "" (where bf(SYMLINK) or bf(HARDLINK) is a filename) |
it() %L the string " -> SYMLINK", " => HARDLINK", or "" (where bf(SYMLINK) or bf(HARDLINK) is a filename) |
Line 589 the sender.
|
Line 713 the sender.
|
|
|
dit(bf(pre-xfer exec), bf(post-xfer exec)) You may specify a command to be run |
dit(bf(pre-xfer exec), bf(post-xfer exec)) You may specify a command to be run |
before and/or after the transfer. If the bf(pre-xfer exec) command fails, the |
before and/or after the transfer. If the bf(pre-xfer exec) command fails, the |
transfer is aborted before it begins. | transfer is aborted before it begins. Any output from the script on stdout (up |
| to several KB) will be displayed to the user when aborting, but is NOT |
| displayed if the script returns success. Any output from the script on stderr |
| goes to the daemon's stderr, which is typically discarded (though see |
| --no-detatch option for a way to see the stderr output, which can assist with |
| debugging). |
|
|
The following environment variables will be set, though some are |
The following environment variables will be set, though some are |
specific to the pre-xfer or the post-xfer environment: |
specific to the pre-xfer or the post-xfer environment: |
Line 602 quote(itemization(
|
Line 731 quote(itemization(
|
it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user). |
it() bf(RSYNC_USER_NAME): The accessing user's name (empty if no user). |
it() bf(RSYNC_PID): A unique number for this transfer. |
it() bf(RSYNC_PID): A unique number for this transfer. |
it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified |
it() bf(RSYNC_REQUEST): (pre-xfer only) The module/path info specified |
by the user (note that the user can specify multiple source files, | by the user. Note that the user can specify multiple source files, |
so the request can be something like "mod/path1 mod/path2", etc.). | so the request can be something like "mod/path1 mod/path2", etc. |
it() bf(RSYNC_ARG#): (pre-xfer only) The pre-request arguments are set |
it() bf(RSYNC_ARG#): (pre-xfer only) The pre-request arguments are set |
in these numbered values. RSYNC_ARG0 is always "rsyncd", and the last | in these numbered values. RSYNC_ARG0 is always "rsyncd", followed by |
value contains a single period. | the options that were used in RSYNC_ARG1, and so on. There will be a |
| value of "." indicating that the options are done and the path args |
| are beginning -- these contain similar information to RSYNC_REQUEST, |
| but with values separated and the module name stripped off. |
it() bf(RSYNC_EXIT_STATUS): (post-xfer only) the server side's exit value. |
it() bf(RSYNC_EXIT_STATUS): (post-xfer only) the server side's exit value. |
This will be 0 for a successful run, a positive value for an error that the |
This will be 0 for a successful run, a positive value for an error that the |
server generated, or a -1 if rsync failed to exit properly. Note that an |
server generated, or a -1 if rsync failed to exit properly. Note that an |
Line 621 module's uid/gid setting) without any chroot restricti
|
Line 753 module's uid/gid setting) without any chroot restricti
|
|
|
enddit() |
enddit() |
|
|
|
manpagesection(CONFIG DIRECTIVES) |
|
|
|
There are currently two config directives available that allow a config file to |
|
incorporate the contents of other files: bf(&include) and bf(&merge). Both |
|
allow a reference to either a file or a directory. They differ in how |
|
segregated the file's contents are considered to be. |
|
|
|
The bf(&include) directive treats each file as more distinct, with each one |
|
inheriting the defaults of the parent file, starting the parameter parsing |
|
as globals/defaults, and leaving the defaults unchanged for the parsing of |
|
the rest of the parent file. |
|
|
|
The bf(&merge) directive, on the other hand, treats the file's contents as |
|
if it were simply inserted in place of the directive, and thus it can set |
|
parameters in a module started in another file, can affect the defaults for |
|
other files, etc. |
|
|
|
When an bf(&include) or bf(&merge) directive refers to a directory, it will read |
|
in all the bf(*.conf) or bf(*.inc) files (respectively) that are contained inside |
|
that directory (without any |
|
recursive scanning), with the files sorted into alpha order. So, if you have a |
|
directory named "rsyncd.d" with the files "foo.conf", "bar.conf", and |
|
"baz.conf" inside it, this directive: |
|
|
|
verb( &include /path/rsyncd.d ) |
|
|
|
would be the same as this set of directives: |
|
|
|
verb( &include /path/rsyncd.d/bar.conf |
|
&include /path/rsyncd.d/baz.conf |
|
&include /path/rsyncd.d/foo.conf ) |
|
|
|
except that it adjusts as files are added and removed from the directory. |
|
|
|
The advantage of the bf(&include) directive is that you can define one or more |
|
modules in a separate file without worrying about unintended side-effects |
|
between the self-contained module files. |
|
|
|
The advantage of the bf(&merge) directive is that you can load config snippets |
|
that can be included into multiple module definitions, and you can also set |
|
global values that will affect connections (such as bf(motd file)), or globals |
|
that will affect other include files. |
|
|
|
For example, this is a useful /etc/rsyncd.conf file: |
|
|
|
verb( port = 873 |
|
log file = /var/log/rsync.log |
|
pid file = /var/lock/rsync.lock |
|
|
|
&merge /etc/rsyncd.d |
|
&include /etc/rsyncd.d ) |
|
|
|
This would merge any /etc/rsyncd.d/*.inc files (for global values that should |
|
stay in effect), and then include any /etc/rsyncd.d/*.conf files (defining |
|
modules without any global-value cross-talk). |
|
|
manpagesection(AUTHENTICATION STRENGTH) |
manpagesection(AUTHENTICATION STRENGTH) |
|
|
The authentication protocol used in rsync is a 128 bit MD4 based |
The authentication protocol used in rsync is a 128 bit MD4 based |
Line 706 url(http://rsync.samba.org/)(http://rsync.samba.org/)
|
Line 894 url(http://rsync.samba.org/)(http://rsync.samba.org/)
|
|
|
manpagesection(VERSION) |
manpagesection(VERSION) |
|
|
This man page is current for version 3.0.9 of rsync. | This man page is current for version 3.1.0 of rsync. |
|
|
manpagesection(CREDITS) |
manpagesection(CREDITS) |
|
|
rsync is distributed under the GNU public license. See the file | rsync is distributed under the GNU General Public License. See the file |
COPYING for details. |
COPYING for details. |
|
|
The primary ftp site for rsync is |
The primary ftp site for rsync is |